Building Control Systems at Risk

As lines continue to blur between information technology and operational technology, protecting your organization from cyber threats is more complex than ever.

In a recent post by GSX (Global Security Exchange), “Understanding the Vulnerabilities of Building Control Systems,” Senior Security Systems Consultant Coleman Wolf says these systems were not traditionally built with security in mind. That’s no longer the case as business control and security systems are increasingly tied to each other and other business systems. Unfortunately, these operational technology (OT) systems are often the easiest for hackers to attack and exploit. This can lead to backdoor access to more sensitive information on information technology (IT) systems. Historically, Wolf says IT professionals would evaluate their cybersecurity risk approach in what they call the CIA triad, which stands for confidentiality, integrity, and availability. With the addition of other building systems to the mix, Wolf says safety needs to be added to the equation. According to Wolf, “It’s not just the business aspects you have to worry about, you have to add the health, safety, and well-being of anyone—staff, customers, the public—who might be in an environment that is affected by one of the compromised systems.”

Wolf will be a featured expert at the GSX 2021 conference scheduled for later in September. His presentation, “Hacking Building Controls for Fun and Profit: Security Risks to Cyber-Physical Systems,” will be available both in-person and livestreamed online.

As a Senior Security Systems Consultant, Coleman Wolf shares his knowledge from over 25 years of security management and security engineering experience to promote ESD’s mission to improve society through the built environment.

For more information on cybersecurity and how you may be at risk, contact Coleman or ESD’s Cybersecurity Practice Leader, Bryan Bennett.